
Say NO to split tunneling

Status
Not open for further replies.

maynarja

MIS
Jan 24, 2007
41
CA
I must be missing something obvious.

I am trying to force all traffic through the tunnel (internet and local traffic). I do not want to use split tunneling, which works fine.

pfSense --- vpn remote network = 0.0.0.0 0.0.0.0
PIX ----- IPsec Rule = 0.0.0.0 0.0.0.0 with destination 10.1.1.0 255.255.255.0

I can get to everything into the core network and all subnets; even if I add RRI on the PIX, I still get no internet.
 
I am going to try this; correct me if I am wrong and this will not work.

PIX 7.x Config
access-list IPSEC_21 permit ip 0.0.0.0 0.0.0.0 10.2.2.0 255.255.255.0
same-security-traffic permit intra-interface


pfSense
remote 0.0.0.0 0.0.0.0
remote gw [staticPublicIP]

Use 0.0.0.0 0.0.0.0 to force all traffic through the tunnel?
Use "same-security-traffic permit intra-interface" to allow all traffic to return out the same interface it is received?
 